Lessons learned from the design of the SCIM API

  1. Erik Wahlström Technology Strategist 9/19/2013
  2. Lessons learned from the design of the SCIM API
  3. Today's topics
       • What is SCIM?
       • What problems does it solve?
       • Lessons learned.
  4. System for Cross-domain Identity Management
       • Enterprises are distributed.
       • Life cycle management.
       • Move users in and out of the cloud.
  5. What does it do?
       • Lightweight provisioning protocol.
       • Defines a schema and a protocol.
       • Developed by Salesforce, Google, Cisco, UnboundID, Ping Identity, SailPoint, neXus, Microsoft, VMware, Oracle etc.
  6. The SCIM players
       • One server that needs or creates data.
       • Another server that stores data.
       • A high level of trust between them.
       • In Sweden, remember PuL (Personuppgiftslagen).
       • User consents in Germany.
  7. Synchronize (diagram labels: HR, Users)
  8. On demand provisioning (diagram label: Users)
  9. Inter-clouds (diagram label: Users)
  10. Before SCIM
       • Everybody rolled their own
       • Provisioning plugins
       • SPML
  11. neXus + SCIM = true
       • Control of our users.
       • Simplified single sign on.
       • Important step for the cloud.
       • Important step for privacy.
  12. Schema and API
  13. Diagram labels: Resource, ServiceProviderConfigs, User, Group, EnterpriseUser, Schema
  15. API
       • REST based protocol
       • cURL friendly
       • Firewall friendly
       • OAuth2 recommended
       • SSL/TLS
  16. API Endpoints and HTTP verbs

       | What                           | End point               | Verb                          |
       |--------------------------------|-------------------------|-------------------------------|
       | User                           | /Users                  | GET, POST, PUT, PATCH, DELETE |
       | Group                          | /Groups                 | GET, POST, PUT, PATCH, DELETE |
       | Service Provider Configuration | /ServiceProviderConfigs | GET                           |
       | Schema                         | /Schemas                | GET                           |
       | Bulk                           | /Bulk                   | POST                          |
  21. Other features in the API
       • Filtering, paging and sorting
       • User storages can be huge
       • Filter language
       • Discovery
       • Schemas
       • Service provider configurations
  22. Lessons learned
  23. Extensibility (figure labels: 80, 20, 00)
  25. Versioning of API and schema
       • /v1/Users/erikw
       • /v2/Users/erikw
       • "schemas": ["urn:scim:schemas:core:1.0"],
       • "schemas": ["urn:scim:schemas:core:2.0:User"]
  26. Weak ETags for versioning of data
  27. Error handling
  28. HTTP method overloading
  29. Release
  30. Changed and worked on in 2.0
       • Reference resources
       • Search using only identifier
       • Search using POST
       • A hum to drop XML.
       • Integrations with OpenID Connect and SAML
  31. More info and thanks.
       • http://www.simplecloud.info
       • https://tools.ietf.org/wg/scim/
       • @erik_wahlstrom
       • erik.wahlstrom@nexusgroup.com
